Spyware is a general term used to describe software that performs certain behaviours such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent first.
Spyware is often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information.
That does not mean all software that provides ads or tracks your online activities is bad. For example, you might sign up for a free music service, but you “pay” for the service by agreeing to receive targeted ads. If you understand the terms and agree to them, you may have decided that it is a fair tradeoff. You might also agree to let the company track your online activities to determine which ads to show you.
Other kinds of Spyware make changes to your computer that can be annoying and can cause your computer slow down or crash.
These programs can change your Web browsers home page or search page, or add additional components to your browser you don’t need or want. These programs also make it very difficult for you to change your settings back to the way you originally had them.
The key in all cases is whether or not you (or someone who uses your computer) understand what the software will do and have agreed to install the software on your computer.
There are a number of ways Spyware or other unwanted software can get on your computer. A common trick is to covertly install the software during the installation of other software you want such as a music or video file sharing program.
Any software that covertly gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with SpyWare. Once installed, the Spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers
Aside from the questions of ethics and privacy, spyware steals from the user by using the computer’s memory resources and also by eating bandwidth as it sends information back to the spy ware’s home base via the user’s Internet connection. Because SpyWare is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.
Because SpyWare exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party.
Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but the licensing agreements may not always be read completely because the notice of a SpyWare installation is often couched in obtuse, hard-to-read legal disclaimers.
Examples of SpyWare
These common SpyWare programs illustrate the diversity of behaviours found in these attacks. Note that as with computer viruses, researchers give names to SpyWare programs which may not be used by their creators. Programs may be grouped into “families” based not on shared program code, but on common behaviours, or by “following the money” of apparent financial or business connections. For instance, a number of the SpyWare programs distributed by Claria are collectively known as “Gator”. Likewise, programs which are frequently installed together may be described as parts of the same SpyWare package, even if they function separately.
o CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer’s hosts file to direct DNS lookups to these sites.
o Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.
o Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make an unearned profit for the 180 Solutions Company. It opens pop-up ads that cover over the Web sites of competing companies.
o HuntBar, aka WinTools or Adware, web search was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other SpyWare programs-an example of how SpyWare can install more SpyWare. These programs add toolbars to IE, track aggregate browsing behaviour, redirect affiliate references, and display advertisements.
o Zlob Trojan or just Zlob, Downloads itself to your computer via ActiveX codec and reports information back to Control Server. Some information can be as your search history, the Websites you visited, and even KeyStrokes.